Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/boatnet.spc.elf

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"

There are 6 hidden processes, click here to show them.

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking

154.216.20.130

unknown

Seychelles

Details

IP:	154.216.20.130
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	135357
ASN name:	SKHT-ASShenzhenKatherineHengTechnologyInformationCo
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f100401f000

page execute read

7f100401f000

page execute read

559a1afa3000

page read and write

7f110ad5e000

page read and write

7fff71da5000

page read and write

559a19ae5000

page read and write

7f110b3af000

page read and write

7f110ad50000

page read and write

7f110b850000

page read and write

7f110afed000

page read and write

7f110b3af000

page read and write

7f110b3d4000

page read and write

7f110b895000

page read and write

7f1104021000

page read and write

7f1004031000

page read and write

559a17ad0000

page read and write

559a17899000

page execute read

7f110b71f000

page read and write

559a1afa3000

page read and write

559a17ac7000

page read and write

7f1004030000

page read and write

559a17ac7000

page read and write

559a19ace000

page execute and read and write

7fff71dbd000

page execute read

7f110a54d000

page read and write

7f1104000000

page read and write

7fff71dbd000

page execute read

7f110ad50000

page read and write

559a19ace000

page execute and read and write

7f110b848000

page read and write

559a19ae5000

page read and write

7fff71da5000

page read and write

7f110b3d4000

page read and write

7f110a54d000

page read and write

7f110b895000

page read and write

559a17ad0000

page read and write

7f1104021000

page read and write

7f110b850000

page read and write

7f110b848000

page read and write

7f110ad5e000

page read and write

7f110b71f000

page read and write

7f1004031000

page read and write

7f1004030000

page read and write

7f110afed000

page read and write

559a17899000

page execute read

7f1104000000

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
boatnet.spc.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportboatnet.spc.elf

Processes

IPs

Memdumps

IOC Report
boatnet.spc.elf